Unattended

Type your comment> @peek said:

is the md5 a troll?

I’m pretty sure it is.
md5, IDs, the notice from the developer, that single dot… But what to do with all of that.
The service doesn’t answer :anguished:

Type your comment> @peek said:

is the md5 a troll?

I think it is. I have tried all possible combinations I could think of and converted them to md5. Got nothing, but I might be wrong. DB doesn’t give much info to move as expected.

Type your comment> @Malone5923 said:

Type your comment> @peek said:

is the md5 a troll?

I think it is. I have tried all possible combinations I could think of and converted them to md5. Got nothing, but I might be wrong. DB doesn’t give much info to move as expected.

yeah i tried a ton of different services besides mail related ones as well… also tried them all on the port 80 to boot… nothing.

Those feel super much like a troll but might come in later I guess. Got a shell but I’m really stuck on getting up from www-data into the actual user acct

@alpaca said:
Those are 100% a troll. Got a shell but I’m really stuck on getting up from www-data into the actual user acct

PS, this entire box feels like one massive troll

Type your comment> @alpaca said:

Those feel super much like a troll but might come in later I guess. Got a shell but I’m really stuck on getting up from www-data into the actual user acct

i’m on www-data too

box author here.
as far as i know, as of now, NOBODY got the foothold as intended. it’s clear to me that the path wasn’t clear enough, and it’s of course my fault.
i’m very sorry because i hate guess-game, and this box turned out to be like that to most of you.
enumeration is so slow because you should drop your automated tools and review those 6 (SIX, not the whole raft-large, SIX) pages. then, it’s a matter of looking for the misconfiguration that leads to easily get the bug exploitable to reach foothold.
OR, you can find the same bug by using so many “sleep” from the server that the Sleeping Beauty will wake up ages before you :frowning:

root was just a matter of searching for uncommon things, and thinking about implication and possible workaround. wear your sysadmin hat.

the plan was different and makes sense, turns out that i’m not Spielberg and i cannot make it clear enough for you all.
again sorry if you got this as guess-game, hope you’ll have the chance to re-read this box as soon as the intended way comes out.

@guly said:
as far as i know, as of now, NOBODY got the foothold as intended. it’s clear to me that the path wasn’t clear enough, and it’s of course my fault.

As one member of this NOBODY group I must say that I think it is not your fault. It is our fault we did not know about this “misconfiguration” how you call it and failed to find it. Or perhaps it is no one’s fault at all!

I learned about this thing just today when you told me. The hint could have been a bit clearer for sure but even with a clearer hint I can think of I would not have found it as I did not know that particular thing before. Good you somehow left a second path for us… :wink:

On the other hand compare it to other boxes like for example CTF (just to name one) where we all had to think about what/how things may work behind the curtains without having access to the program logic. You wanted to make it easier for us but we preferred the hard way. I must say that sleeping beauty was a bit annoying but you can manually filter what data you think the waiting time is worth for.

Also look at Helpline - the most abused box of all time? Nearly no one found the intended path there as well. There were other paths and everyone learned something still. Good thing: if you do the box the intended way you think it is a completely other box - so you get 2 for 1.

As someone who recently created a box I am really curious if this might happen to my box as well. Also as I know how much time is needed to make a good box submission: thanks for your time and effort you put into the box! :+1:

I’m gonna wait for the ippsec video. I’m wondering if english skills/culture is needed?

Type your comment> @peek said:

I’m gonna wait for the ippsec video. I’m wondering if english skills/culture is needed?

no, nothing like that.

Yo!, finally rooted,
hints for user:
don’t depend on the dump, try to understand how it works.
nested has a meaning.
and remember it was recently hacked.

root:
try something u must have already noticed before the user :wink:

nice one from @guly

Can someone DM me what the intended root for this box is? I can’t relate to any of the comments about root; I thought it was a total brainfuck but I’m not sure I did it the proper way.

All in all, while I do appreciate the work that goes into making these, I think this box could have used some more hints along the way.

Type your comment> @guly said:

Type your comment> @peek said:

I’m gonna wait for the ippsec video. I’m wondering if english skills/culture is needed?

no, nothing like that.

i don’t know the meaning of nested

I have a general idea of what’s going on with the box after some enumeration. I have one pair of creds to a service that isn’t open externally and a few usernames for other services. Would anyone like to discuss in PM how to proceed any further? I don’t want to accidentally post any spoilers.

Once you get user, and take a look back on the box, It becomes really not that trollie. The box has some hard bits you can be sure of, but it came out to be kinda fun in my opinion.
Edit: for user. Root seems like it’s going to kill me

Type your comment> @peek said:

Type your comment> @guly said:

Type your comment> @peek said:

I’m gonna wait for the ippsec video. I’m wondering if english skills/culture is needed?

no, nothing like that.

i don’t know the meaning of nested

Me neither. If someone can make a sense of what “nested” stands for send me a PM.

Most probably nested queries but don’t know what to make of it

Type your comment> @seke said:

Most probably nested queries but don’t know what to make of it

This is what I took the hint as. Anyone who has made it through Endgame - POO would also. But what, how, when, why… idk

There is one specific page mentioned on the site that was disabled because of a previous attack. But how to leverage it, idk, I’m having trouble wrapping my brain around how this works. There is info found about vhost routing, but how to use, idk

Moral of story is… idk

that box is not 30 points, it’s harder

to me a 30 point box, you find documentation on the web or in a pdf. Here you have no exploit explained or something.
Plus we had a talk about stopping troll stuffs on the forum.

Type your comment> @0PT1MUS said:

Type your comment> @seke said:

Most probably nested queries but don’t know what to make of it

This is what I took the hint as. Anyone who has made it through Endgame - POO would also. But what, how, when, why… idk

There is one specific page mentioned on the site that was disabled because of a previous attack. But how to leverage it, idk, I’m having trouble wrapping my brain around how this works. There is info found about vhost routing, but how to use, idk

Moral of story is… idk

Exactly in the same boat, tried to update but it seems stacked q … do not work here